Vietnam: Regulations on information security in banking operations must be signed by the institution’s lawful representative

According to Article 6 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, regulations on information security in banking regulations are as follows:

1. Each institution must set out its own regulations on information security which must be consistent with its specific information system, organizational structure, managerial and operational requirements. The regulations on information security must be signed by the institution’s lawful representative and implemented throughout that institution.

2. Regulations on information security shall, inter alia, include the following basic contents:

- Management of information technology assets;

- Human resource management;

- Assurance of physical safety and the safety of installation environment;

- Operating and information exchange management;

- Access management;

- Management of third parties’ information technology services;

- Management of acceptance, development and maintenance of information systems;

- Management of information security incidents;

- Assurance of continuous operation of information systems;

- Internal inspection and reporting regime.

3. Each institution must review its regulations on information security at least once a year and ensure the completeness of these regulations in accordance with the provisions herein. Whenever there is any deficiency or irrationality that may cause the information system insecurity or upon the request of competent authorities, each institution shall immediately amend and modify its existing regulations on information security.

View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE